First they stole your eyeballs, now they steal your CPU!

in #cybersecurity7 years ago (edited)

Malvertising and covert channels

New Malvertising technology has been invented which secretly mines cryptocurrency in your browser. The article reveals how the javascript exploit works here. This is only going to get worse until a proper attention economy is put in place. An attention economy would put monetary value on human attention and if done right make it so your eyeballs cannot be stolen for free. In addition, there should be some way to block or detect all mining but I have to say this might eventually become impossible due to covert channels.

Covert channels could eventually allow attackers to secretly mine on your CPUs in a manner which is very difficult to detect if not impossible to detect. You might notice that some application is using more CPU than it should but you might not notice this if it's only a very small amount or done in a way so as to mask the fact. Covert channels for those who do not know, allow for obfuscation of the communications channels between applications. Anything from code to commands to mining can be obfuscated so that the owner of the machine cannot determine how to stop it even if they can see their CPU is being used. This is because in most cases people rely on their task manager or operating system to tell them true and correct information about what applications are doing and covert channels can confuse the operating system in this regard.

Covert channel analysis

Covert channel analysis is possible so while it might not be entirely impossible to detect covert channels it is at least in my opinion equivalent to finding a needle in a haystack in some cases. It's in my opinion going to become increasingly more difficult to know whether or not your machine has been enslaved covertly.

The good news is that users can protect themselves against surreptitious JS-based cryptocurrency miners hidden in ad code by using an ad blocker.

For now best practice is to use an ad blocker. That will stop the javascript mining attacks. An ad blocker will not however stop more sophisticated attacks which could come in the future that may use covert channels or be disguised as official software. As mining becomes increasingly profitable the sophistication of the attacks will improve to include covert channels and obfuscation to hide the fact that it's mining. It may be detectable but again this is cat and mouse.

References

  1. https://www.bleepingcomputer.com/news/security/malvertising-campaign-mines-cryptocurrency-right-in-your-browser/
  2. https://en.wikipedia.org/wiki/Covert_channel
  3. https://en.wikipedia.org/wiki/Malvertising
Sort:  

It's interesting that JSEcoin is dong this as a feature that webmasters can use to monetize their site. https://jsecoin.com/

Have you heard of this company and what are your thoughts?

That is incredibly interesting, I think I will sign up soon and put it on my own websites.

In 2015, the New Jersey Attorney General’s office shut down a company called Tidbit that was offering website owners a way to mine cryptocurrency on the computers of site visitors. Authorities argued that this was illegal, on the same level as hacking, because Tidbit or website owners didn't ask for specific permission to carry out such intrusive operations.

JSEcoin seems to be offering this same service, already declared illegal by New Jersey.

I saw this same quote in the article mentioned in this steemit article: https://www.bleepingcomputer.com/news/security/malvertising-campaign-mines-cryptocurrency-right-in-your-browser/

I think JSEcoin is headquartered outside of the US but still, it seems to present legal problems. I wonder how it will turn out for them.

@dana-edwards
great insight and learning from a great blogger... after this great read on covert channel and minning... am glad for this line....
"The good news is that users can protect themselves against surreptitious JS-based cryptocurrency miners hidden in ad code by using an ad blocker."

thanks for sharing this... and keep it up!

CPU Ghosts, I am definitely going to install the ad blocker and upgrade my PC Security

Thank you for this. What a nice treat. Hope you enjoy your weekend

JAVASCRIPT is most insecure scripting language! Read "The JavaScript Trap" https://www.gnu.org/philosophy/javascript-trap.en.html

Were been attack from all sides. I've just started using Opera it has a build in ad blocker :) Working well

Coin Marketplace

STEEM 0.18
TRX 0.15
JST 0.028
BTC 63615.94
ETH 2475.04
USDT 1.00
SBD 2.54